CVE-2013-2077 — XEN vulnerability

CWE-2647 documents6 sources

Severity

5.2MEDIUMNVD

EPSS

0.1%

top 69.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedAug 28

Latest updateMay 17

Description

Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR, which allows local PV guest users to cause a denial of service (unhandled exception and hypervisor crash) via unspecified vectors.

CVSS vector

AV:A/AC:M/C:N/I:N/A:CExploitability: 4.4 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.2.2-1 (bookworm)

▶Debianxen/xen< 4.2.2-1+3

▶NVDxen/xen14 versions+13

🔴Vulnerability Details

GHSA

GHSA-w7r6-5v3v-j2c3: Xen 4↗2022-05-17

▶

OSV

CVE-2013-2077: Xen 4↗2013-08-28

▶

📋Vendor Advisories

Red Hat

kernel: xen: Hypervisor crash due to missing exception recovery on XRSTOR↗2013-06-03

▶

Debian

CVE-2013-2077: xen - Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of a XRSTOR,...↗2013

▶

💬Community

Bugzilla

CVE-2013-2077 kernel: xen: Hypervisor crash due to missing exception recovery on XRSTOR [fedora-all]↗2013-06-03

▶

Bugzilla

CVE-2013-2077 kernel: xen: Hypervisor crash due to missing exception recovery on XRSTOR↗2013-05-17

▶